Merge branch 'revert-holocron' into 'master'

Revert "Holocron" See merge request !3721

Merge branch 'revert-holocron' into 'master'
97e463fa · Ryan Garcia · 38c479c1 · bc17cebe · 38c479c1 · 38c479c1
Commit 97e463fa authored 1 year ago by Ryan Garcia
--- a/chart/templates/holocron/gitlab-ingress.yaml
+++ b/chart/templates/holocron/gitlab-ingress.yaml
-{{- $pkg := "holocron" }}
-{{- if and .Values.networkPolicies.enabled .Values.addons.gitlab.enabled (get .Values.addons $pkg).enabled }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: {{ $pkg }}-allow-ingress
-  namespace: gitlab
-spec:
-  podSelector:
-    matchLabels:
-      app: webservice
-  policyTypes:
-  - Ingress
-  ingress:
-    - from:
-      - namespaceSelector:
-          matchLabels:
-            app.kubernetes.io/name: holocron
-        podSelector:
-          matchLabels:
-            role: collector
-{{- end }}
--- a/chart/templates/holocron/gitrepository.yaml
+++ b/chart/templates/holocron/gitrepository.yaml
-{{- $pkg := "holocron" }}
-{{- if and (eq (get .Values.addons $pkg).sourceType "git") (not .Values.offline) (get .Values.addons $pkg).enabled }}
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: {{ $pkg }}
-  namespace: {{ .Release.Namespace }}
-spec:
-  interval: {{ .Values.flux.interval }}
-  url: {{ (get .Values.addons $pkg).git.repo }}
-  ref:
-    {{- include "validRef" (get .Values.addons $pkg).git | nindent 4 }}
-  {{ include "gitIgnore" . }}
-  {{- include "gitCreds" . | nindent 2 }}
-{{- end }}
--- a/chart/templates/holocron/helmrelease.yaml
+++ b/chart/templates/holocron/helmrelease.yaml
-{{- $pkg := "holocron" }}
-{{- $fluxSettingsHolocron := merge (get .Values.addons $pkg).flux .Values.flux -}}
-{{- if (get .Values.addons $pkg).enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: {{ $pkg }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ $pkg }}
-    {{- include "commonLabels" . | nindent 4}}
-  annotations:
-    checksum/bigbang-values: {{ include (print $.Template.BasePath "/holocron/values.yaml") . | sha256sum }}
-spec:
-  releaseName: {{ $pkg }}
-  targetNamespace: {{ $pkg }}
-  chart:
-    spec:
-      {{- if eq (get .Values.addons $pkg).sourceType "git" }}
-      chart: {{ (get .Values.addons $pkg).git.path }}
-      sourceRef:
-        kind: GitRepository
-        name: holocron
-        namespace: {{ .Release.Namespace }}
-      {{- else }}
-      chart: {{ (get .Values.addons $pkg).helmRepo.chartName }}
-      version: {{ (get .Values.addons $pkg).helmRepo.tag }}
-      sourceRef:
-        kind: HelmRepository
-        name: {{ (get .Values.addons $pkg).helmRepo.repoName }}
-        namespace: {{ .Release.Namespace }}
-      {{- end }}
-      interval: 5m
-
-  {{- toYaml $fluxSettingsHolocron | nindent 2 }}
-
-  {{- if (get .Values.addons $pkg).postRenderers }}
-  postRenderers:
-  {{ toYaml (get .Values.addons $pkg).postRenderers | nindent 4 }}
-  {{- end }}
-  valuesFrom:
-    - name: {{ .Release.Name }}-{{ $pkg }}-values
-      kind: Secret
-      valuesKey: "common"
-    - name: {{ .Release.Name }}-{{ $pkg }}-values
-      kind: Secret
-      valuesKey: "defaults"
-    - name: {{ .Release.Name }}-{{ $pkg }}-values
-      kind: Secret
-      valuesKey: "overlays"
-
-  {{- if or .Values.istio.enabled .Values.kyvernoPolicies.enabled .Values.monitoring.enabled  .Values.addons.gitlab.enabled}}
-  dependsOn:
-  {{- if .Values.istio.enabled }}
-    - name: istio
-      namespace: {{ .Release.Namespace }}
-  {{- end }}
-  {{- if .Values.kyvernoPolicies.enabled }}
-    - name: kyverno-policies
-      namespace: {{ .Release.Namespace }}
-  {{- end }}
-  {{- if .Values.monitoring.enabled }}
-    - name: monitoring
-      namespace: {{ .Release.Namespace }}
-  {{- end }}
-  {{- if .Values.addons.gitlab.enabled }}
-    - name: gitlab
-      namespace: {{ .Release.Namespace }}
-  {{- end }}
-  {{- end }}
-{{- end }}
--- a/chart/templates/holocron/imagepullsecret.yaml
+++ b/chart/templates/holocron/imagepullsecret.yaml
-{{- $pkg := "holocron" }}
-{{- if and (get .Values.addons $pkg).enabled ( include "imagePullSecret" . ) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: private-registry
-  namespace: {{ $pkg }}
-  labels:
-    app.kubernetes.io/name: {{ $pkg }}
-    {{- include "commonLabels" . | nindent 4 }}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ template "imagePullSecret" . }}
-{{- end }}
--- a/chart/templates/holocron/jira-ingress.yaml
+++ b/chart/templates/holocron/jira-ingress.yaml
-{{- $pkg := "holocron" }}
-{{- if and .Values.networkPolicies.enabled (get .Values.addons $pkg).jira.enabled (get .Values.addons $pkg).enabled }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: {{ $pkg }}-allow-ingress
-  namespace: jira
-spec:
-  podSelector:
-    matchLabels:
-      app: jira
-  policyTypes:
-  - Ingress
-  ingress:
-    - from:
-      - namespaceSelector:
-          matchLabels:
-            app.kubernetes.io/name: holocron
-        podSelector:
-          matchLabels:
-            role: collector
-{{- end }}
\ No newline at end of file
--- a/chart/templates/holocron/namespace.yaml
+++ b/chart/templates/holocron/namespace.yaml
-{{- $pkg := "holocron" }}
-{{- if and (get .Values.addons $pkg).enabled (not (get .Values.addons $pkg).collectorAuth.existingSecret) }}
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: {{ $pkg }}
-  labels:
-    {{- if .Values.istio.enabled }}
-    istio-injection: enabled
-    {{- end }}
-    app.kubernetes.io/name: {{ $pkg }}
-    app.kubernetes.io/component: "core"
-    {{- include "commonLabels" . | nindent 4}}
-{{- end }}
--- a/chart/templates/holocron/sonarqube-ingress.yaml
+++ b/chart/templates/holocron/sonarqube-ingress.yaml
-{{- $pkg := "holocron" }}
-{{- if and .Values.networkPolicies.enabled .Values.addons.sonarqube.enabled (get .Values.addons $pkg).enabled }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: {{ $pkg }}-allow-ingress
-  namespace: sonarqube
-spec:
-  podSelector:
-    matchLabels:
-      app: sonarqube
-  policyTypes:
-  - Ingress
-  ingress:
-    - from:
-      - namespaceSelector:
-          matchLabels:
-            app.kubernetes.io/name: holocron
-        podSelector:
-          matchLabels:
-            role: collector
-{{- end }}
--- a/chart/templates/holocron/values.yaml
+++ b/chart/templates/holocron/values.yaml
-{{- $pkg := "holocron" }}
-
-{{- /* Create secret */ -}}
-{{- if (get .Values.addons $pkg).enabled }}
-{{- include "values-secret" (dict "root" $ "package" (get .Values.addons $pkg) "name" $pkg "defaults" (include (printf "bigbang.defaults.%s" $pkg) .)) }}
-{{- end }}
-
-{{- define "bigbang.defaults.holocron" -}}
-
-imagePullSecrets:
- name: private-registry
-imagePullPolicy: {{ .Values.imagePullPolicy }}
-
-externalURL: https://holocron.{{ .Values.domain }}
-
-domain: {{ .Values.domain }}
-
-api:
-  env:
-    REQUEST_IP_HEADER: Host
-    SSO_ENABLED: {{ .Values.addons.holocron.sso.enabled }}
-    SSO_ADMIN_GROUP: {{ .Values.addons.holocron.sso.groups.admin }}
-    SSO_LEADERSHIP_GROUP: {{ .Values.addons.holocron.sso.groups.leadership }}
-    SSO_GROUPS_KEY: {{ .Values.sso.oidc.claims.groups }}
-    SSO_USERNAME_KEY: {{ .Values.sso.oidc.claims.username }}
-
-{{- if .Values.addons.gitlab.enabled }}
-{{- $gitlabURL := "http://gitlab-webservice-default.gitlab.svc.cluster.local:8080" }}
-collectorGitlabSCM:
-  replicas: 1
-  image:
-    repository: registry1.dso.mil/ironbank/holocron/collector-gitlab-scm
-    tag: "3.0.2"
-    pullPolicy: IfNotPresent
-  instances:
-  - accessTokenSecretKey: gitlab-scm-0
-    env:
-      COLLECTOR_NAME: gitlab-scm-0
-      COLLECTOR_INTERVAL_SECONDS: 600
-      LOOK_BACK_DAYS: 365
-      TARGET_URL: {{ $gitlabURL }}
-      COLLECTOR_TARGETS_INTRVL_SECS: 86400
-      MAX_REQUESTS_PER_MINUTE: 500
-collectorGitlabBuild:
-  replicas: 1
-  image:
-    repository: registry1.dso.mil/ironbank/holocron/collector-gitlab-build
-    tag: "3.0.2"
-    pullPolicy: IfNotPresent
-  instances:
-  - accessTokenSecretKey: gitlab-build-0
-    env:
-      COLLECTOR_NAME: gitlab-build-0
-      COLLECTOR_INTERVAL_SECONDS: 600
-      LOOK_BACK_DAYS: 365
-      TARGET_URL: {{ $gitlabURL }}
-      COLLECTOR_TARGETS_INTRVL_SECS: 86400
-      MAX_REQUESTS_PER_MINUTE: 500
-collectorGitlabWorkflow:
-  replicas: 1
-  image:
-    repository: registry1.dso.mil/ironbank/holocron/collector-gitlab-workflow
-    tag: "3.0.2"
-    pullPolicy: IfNotPresent
-  instances:
-  - accessTokenSecretKey: gitlab-workflow-0
-    env:
-      COLLECTOR_NAME: gitlab-workflow-0
-      COLLECTOR_INTERVAL_SECONDS: 600
-      LOOK_BACK_DAYS: 365
-      TARGET_URL: {{ $gitlabURL }}
-      COLLECTOR_TARGETS_INTRVL_SECS: 86400
-      MAX_REQUESTS_PER_MINUTE: 500
-      HIGHEST_PRIORITY_LABELS: priority::1,highest
-      HIGH_PRIORITY_LABELS: priority::2,high
-      MEDIUM_PRIORITY_LABELS: priority::3,medium
-      LOW_PRIORITY_LABELS: priority::4,low
-      LOWEST_PRIORITY_LABELS: priority::5,lowest
-      DEFAULT_TICKET_PRIORITY: lowest
-      FEATURE_LABELS: kind::feature,feature
-      DEFECT_LABELS: kind::bug,kind::defect,bug,defect
-      MAINTENANCE_LABELS: kind::maintenance,kind::docs,maintenance,docs,documentation
-      UNPLANNED_LABELS: kind::unplanned
-      DEFAULT_TICKET_TYPE: feature
-{{- else }}
-collectorGitlabSCM:
-  instances: []
-collectorGitlabBuild:
-  instances: []
-collectorGitlabWorkflow:
-  instances: []
-{{- end }}
-{{- if .Values.addons.holocron.jira.enabled }}
-collectorJiraWorkflow:
-  replicas: 1
-  image:
-    repository: registry1.dso.mil/ironbank/holocron/collector-jira-workflow
-    tag: "3.0.2"
-    pullPolicy: IfNotPresent
-  instances:
-  - accessTokenSecretKey: jira-workflow-0
-    env:
-      COLLECTOR_NAME: jira-workflow-0
-      COLLECTOR_INTERVAL_SECONDS: 600
-      LOOK_BACK_DAYS: 365
-      TARGET_URL: {{ .Values.addons.holocron.jira.service }}
-      COLLECTOR_TARGETS_INTRVL_SECS: 86400
-      MAX_REQUESTS_PER_MINUTE: 500
-{{- else }}
-collectorJiraWorkflow:
-  instances: []
-{{- end }}
-{{- if .Values.addons.sonarqube.enabled }}
-collectorSonarQubeProjectAnalysis:
-  replicas: 1
-  image:
-    repository: registry1.dso.mil/ironbank/holocron/collector-sonarqube-project-analysis
-    tag: "3.0.2"
-    pullPolicy: IfNotPresent
-  instances:
-  - accessTokenSecretKey: sonarqube-project-analysis-0
-    env:
-      COLLECTOR_NAME: sonarqube-project-analysis-0
-      COLLECTOR_INTERVAL_SECONDS: 600
-      LOOK_BACK_DAYS: 365
-      TARGET_URL: "http://sonarqube-sonarqube.gitlab.svc.cluster.local:9000"
-      COLLECTOR_TARGETS_INTRVL_SECS: 86400
-      MAX_REQUESTS_PER_MINUTE: 500
-{{- else }}
-collectorSonarQubeProjectAnalysis:
-  instances: []
-{{- end }}
-
-postgresql:
-  {{- if .Values.addons.holocron.database.host }}
-  enabled: false
-  service:
-    name: {{ .Values.addons.holocron.database.host }}
-  {{- else }}
-  enabled: true
-  {{- end }}
-  service:
-    ports:
-      postgresql: {{ .Values.addons.holocron.database.port }}
-    
-  image:
-    repository: ironbank/opensource/postgres/postgresql
-    tag: "15.5"
-  auth:
-    secretKey: password
-    username: {{ .Values.addons.holocron.database.username }}
-    password: {{ .Values.addons.holocron.database.password }}
-    database: {{ .Values.addons.holocron.database.database }}
-  tls:
-    enabled: true
-    autoGenerated: true
-
-istio:
-  enabled: {{ .Values.istio.enabled }}
-  injection: enabled
-  holocron:
-    gateways:
-    - istio-system/{{ default "public" .Values.addons.holocron.ingress.gateway }}
-    hosts:
-    - holocron.{{ .Values.domain }}
-
-networkPolicies:
-  enabled: {{ .Values.networkPolicies.enabled }}
-  egressHostLabels:
-    {{- if .Values.addons.gitlab.enabled }}
-    app.kubernetes.io/name: gitlab
-    {{- end }}
-    {{- if .Values.addons.holocron.jira.enabled }}
-    {{ toYaml .Values.addons.holocron.jira.service.label | nindent 4 }}
-    {{- end }}
-    {{- if .Values.addons.sonarqube.enabled }}
-    app: sonarqube
-    {{- end }}
-
-monitoring:
-  enabled: {{ .Values.monitoring.enabled }}
-
-{{- end }}
--- a/chart/templates/kyverno-policies/values.yaml
+++ b/chart/templates/kyverno-policies/values.yaml
@@ -251,17 +251,10 @@ policies:

  require-non-root-group:
    validationFailureAction: Enforce
-    {{ if .Values.istio.enabled }}
+    {{- if .Values.istio.enabled }}
    parameters:
      excludeContainers:
        - istio-init
-        {{ if not .Values.addons.holocron.database.host }}
-        - init-chmod-data
-        {{- end }}
-    {{ else if not .Values.addons.holocron.database.host }}
-    parameters:
-      excludeContainers:
-        - init-chmod-data
    {{- end }}
    {{- if or $deployNodeAgent .Values.twistlock.enabled .Values.fluentbit.enabled .Values.promtail.enabled .Values.neuvector.enabled }}
    exclude:
@@ -327,13 +320,6 @@ policies:
    parameters:
      excludeContainers:
        - istio-init
-        {{ if not .Values.addons.holocron.database.host }}
-        - init-chmod-data
-        {{- end }}
-    {{ else if not .Values.addons.holocron.database.host }}
-    parameters:
-      excludeContainers:
-        - init-chmod-data
    {{- end }}
    exclude:
      any:

--- a/chart/values.schema.json
+++ b/chart/values.schema.json
@@ -1087,13 +1087,6 @@
            }
          ]
        },
-        "holocron": {
-          "allOf": [
-            {
-              "$ref": "#/$defs/basePackage"
-            }
-          ]
-        },
        "thanos": {
          "allOf": [
            {

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -505,6 +505,7 @@ kyverno:
  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

+
 kyvernoPolicies:
  # -- Toggle deployment of Kyverno policies
  enabled: true
@@ -740,7 +741,7 @@ loki:
 # ----------------------------------------------------------------------------------------------------------------------

 neuvector:
-  # -- Toggle deployment of Neuvector.
+   # -- Toggle deployment of Neuvector.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
@@ -1205,7 +1206,7 @@ addons:

      # -- Gitlab SSO Scopes, default is ["Gitlab"]
      scopes:
-        - Gitlab
+      - Gitlab

    database:
      # -- Hostname of a pre-existing PostgreSQL database to use for Gitlab.
@@ -1263,11 +1264,12 @@ addons:
      # with a random password.
      # -- This needs to be set to a non-empty value in order for the Grafana Redis Datasource and Dashboards to be installed.
      password: ""
-
+  
    # -- Rails plain text secret to define. If empty (""), the gitlab charts will create the gitlab-rails-secret with randomized data.
    # Read the following for more information on setting Gitlab rails secrets: https://docs.gitlab.com/charts/installation/secrets#gitlab-rails-secret
    railsSecret: ""

+
    # -- Values to passthrough to the gitlab chart: https://repo1.dso.mil/big-bang/product/packages/gitlab.git
    values: {}

@@ -1912,81 +1914,6 @@ addons:

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []
-  
-  holocron:
-    # -- Toggle deployment of Holocron.
-    enabled: false
-
-    # -- Choose source type of "git" or "helmRepo"
-    sourceType: "git"
-
-    git:
-      repo: https://repo1.dso.mil/big-bang/product/packages/holocron.git
-      tag: "0.1.2"
-      path: "./chart"
-    helmRepo:
-      repoName: "registry1"
-      chartName: "holocron"
-      tag: "0.1.2"
-
-    collectorAuth:
-      # -- Name of existing secret with auth tokens for collector services: https://repo1.dso.mil/groups/big-bang/apps/sandbox/holocron/-/wikis/Administrator-Guide
-      # -- Default keys for secret are:
-      # -- gitlab-scm-0, gitlab-workflow-0, gitlab-build-0, jira-workflow-0
-      # -- If not provided, one will be created
-      existingSecret: ""
-      # -- Tokens for the secret to be created
-      gitlabToken: ""
-      jiraToken: ""
-
-    jira:
-      # -- If there is a Jira deployment, enable a collector for it
-      enabled: false
-      service:
-      # -- The service name to communicate with
-        name: ""
-        # -- If network policies are enabled, a label to match the namespace for egress policy
-        label:
-          key: value
-
-    # -- Flux reconciliation overrides specifically for the Holocron Package
-    flux: {}
-
-    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
-    ingress:
-      gateway: ""
-
-    sso:
-      # -- Toggle SSO for Holocron on and off
-      enabled: false
-
-      # -- Holocron SSO group roles: https://repo1.dso.mil/groups/big-bang/apps/sandbox/holocron/-/wikis/Administrator-Guide
-      groups:
-        admin: ""
-        leadership: ""
-
-    database:
-      # -- Hostname of a pre-existing PostgreSQL database to use for Gitlab.
-      # -- Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
-      host: ""
-
-      # -- Port of a pre-existing PostgreSQL database to use for Gitlab.
-      port: 5432
-
-      # -- Database name to connect to on host.
-      database: "holocron"
-
-      # -- Username to connect as to external database, the user must have all privileges on the database.
-      username: "holocron"
-
-      # -- Database password for the username used to connect to the existing database.
-      password: "holocron"
-
-    # -- Post Renderers.  See docs/postrenders.md
-    postRenderers: []
-
-    # -- Values to passthrough to the Holocron chart: https://repo1.dso.mil/big-bang/product/packages/holocron.git
-    values: {}

  # ----------------------------------------------------------------------------------------------------------------------
  # thanos

--- a/docs/understanding-bigbang/package-architecture/holocron.md
+++ b/docs/understanding-bigbang/package-architecture/holocron.md
-# Holocron
-
-## Overview
-Holocron is a software delivery metrics tracker and aggregator. It is designed to provide key insights into potential pain points for software delivery teams and help facilitate more efficient development. Holocron is an opinionated tool displaying goals for work in progress, continuous integration, and keeping piplines, branches, and merge requests from becoming stale. It also tracks how much effort is spent on different types of work, how often bugs are introduced, and how quickly tickets are resolved. It is an open-source project developed in-house at Platform One.
-
-### Architecture
-
-| Component | Description |
-| --- | --- |
-| Holocron Dashboard | Frontend allowing communication with the API to configure teams, value streams, and organizations and view their collected metrics. |
-| Holocron API | Backend server connecting to the database, receives requests from the frontend and can potentially be integrated with a custom UI solution. |
-| Postgresql Database | Holocron requires a Postgresql database for persistence. |
-| SSO | (Optional) Holocron can utilize RBAC if there is an SSO service enabled. |
-| Collector GitLab Build | (Optional) Periodically collects build data (pipelines) from a targeted GitLab instance. |
-| Collector GitLab SCM |(Optional) Periodically collects SCM data (commits, branches, etc.) from a targeted GitLab instance. |
-| Collector GitLab Workflow | (Optional) Periodically collects workflow data (tickets) from a targeted GitLab instance. |
-| Collector Jira Workflow | (Optional) Periodically collects workflow data (tickets) from a targeted Jira instance. |
-| Collector SonarQube Project Analysis | (Optional) Periodically collects project issue data (code smells, vulnerabilities, etc.) from a targeted SonarQube instance. |
-
-**Note: While all collectors are optional, Holocron won't have any metrics and as such no value if none are utilized.**